|
Cybersecurity Incident Reporting and Respone Policy:
Supporting documents: Full policy
All suspected information security incidents must be reported promptly to the appropriate university office or party.
What to Report
- Any event in which access to University data might have been gained by an unauthorized person
- Any event in which a device containing University information has (or might have been) lost, stolen or infected with malicious software (viruses, Trojans, etc.)
- Any event in which an account belonging to a person that has access to the data might have been compromised or the password shared with unauthorized person (responding to phishing emails, someone shoulder surfing and writing down your password, etc.)
- Any attempt to physically enter or break into a secure area where University data is or might be stored
- Any other event in which University data has been or might have been lost or stolen
- Any event in which University information system policies, standards, or practices are violated
How to Report
Delegated Authority for Information Security Incidents |
Area of Responsibility |
Contact Information |
Information Security |
All information, information systems, and infrastructure technology except for the areas specifically listed below. |
IT-Security@ouhsc.edu
405-271-2476
|
HIPAA Security Officer |
Electronic PHI for OUHSC Healthcare Components |
Valerie Golden
405-271-8001 x46456 |
FERPA Official |
Incidents involving student information protected by the Family Educational Rights and Privacy Act (FERPA) |
Lori-Klimkowski@ouhsc.edu
Registrar, Office of Admissions & Records 405-271-2359 x48900 |
PCI Compliance Official |
Incidents involving payment card data and information systems. |
Kenneth Reed
405-271-2644 x50300 |
Last Updated: 04/24/2018
|